ODOpara Davidinzalparus.hashnode.dev路Sep 23, 2025 路 5 min readUnmasking Hidden Backdoors: How I Traced a Webshell Dropper in a PHP AppGood day, security enthusiasts and professionals. Welcome back to my blog. In today鈥檚 write-up, I鈥檒l walk you through how I uncovered a hidden path attackers were using to upload web shells on a client鈥檚 PHP application. This particular application d...00
ODOpara Davidinzalparus.hashnode.dev路Sep 20, 2025 路 3 min readTryhackme Smol Challenge ( Medium level CTF)Smol is a vulnerable WordPress application with outdated plugins connected to it. The first step in solving a CTF is to usually read the description thoroughly. In order to have an idea of how to effectively walkthrough. This is the description. Fro...00
ODOpara Davidinzalparus.hashnode.dev路Jun 3, 2025 路 2 min readHow i was able to exploit a vulnerable payment system.Hello hackers and security enthusiasts, we are here again to serve you dinner in a 5-star hotel 馃槉. Hope you enjoy it !!!. LITTLE BIO ABOUT ME I鈥檓 David, a software developer and cybersecurity researcher who specializes in application security. I spe...01T
ODOpara Davidinzalparus.hashnode.dev路May 17, 2025 路 2 min readHow i was able to abuse XML-RPC to get Origin IP.What is XML-RPC XML-RPC stands for "XML Remote Procedure Call". It鈥檚 a protocol that allows software running on different operating systems or written in different programming languages to make procedure calls over a network (usually HTTP). How it wo...00
ODOpara Davidinzalparus.hashnode.dev路May 5, 2025 路 3 min readJWT misconfiguration and PII sensitive information leakHi guys, Its David again, your favorite software developer and Security Researcher. I am back again with another report for you. Like i promised, i would make sure to be documenting all my bug findings. Had a busy week, so i utilized the weekend to m...00
